stage_ransomware.dll

Description:

Authors:

Version:

Architecture: 64-bit

Operating System:

SHA256: 6ace71a92b08f70a76c04b4b6b29c30f

File Size: 511.5 KB

Uploaded At: March 26, 2026, 9:54 a.m.

Views: 9

Exported Functions

  • Exit (Ordinal: 1, Address: 0x2fd0)

Imported DLLs & Functions

KERNEL32.dll
  • ChangeTimerQueueTimer (Address: 0x180055228)
  • CloseHandle (Address: 0x180055010)
  • CreateEventW (Address: 0x180055100)
  • CreateFileW (Address: 0x180055000)
  • CreateThread (Address: 0x180055200)
  • CreateTimerQueue (Address: 0x1800552d8)
  • CreateTimerQueueTimer (Address: 0x180055220)
  • DecodePointer (Address: 0x180055158)
  • DeleteCriticalSection (Address: 0x1800550e0)
  • DeleteFileW (Address: 0x180055018)
  • DeleteTimerQueueTimer (Address: 0x180055230)
  • DuplicateHandle (Address: 0x1800552a0)
  • EncodePointer (Address: 0x180055150)
  • EnterCriticalSection (Address: 0x1800550c8)
  • ExitProcess (Address: 0x180055310)
  • FindClose (Address: 0x180055350)
  • FindFirstFileExA (Address: 0x180055358)
  • FindFirstFileW (Address: 0x180055020)
  • FindNextFileA (Address: 0x180055360)
  • FindNextFileW (Address: 0x180055040)
  • FlushFileBuffers (Address: 0x1800550b8)
  • FreeEnvironmentStringsW (Address: 0x1800550c0)
  • FreeLibrary (Address: 0x180055260)
  • FreeLibraryAndExitThread (Address: 0x180055268)
  • GetACP (Address: 0x180055330)
  • GetCommandLineA (Address: 0x180055378)
  • GetCommandLineW (Address: 0x180055380)
  • GetConsoleCP (Address: 0x1800550b0)
  • GetConsoleMode (Address: 0x1800550a8)
  • GetCPInfo (Address: 0x180055170)
  • GetCurrentProcess (Address: 0x1800551c0)
  • GetCurrentProcessId (Address: 0x1800551d8)
  • GetCurrentThread (Address: 0x180055080)
  • GetCurrentThreadId (Address: 0x1800550e8)
  • GetEnvironmentStringsW (Address: 0x180055388)
  • GetFileSizeEx (Address: 0x180055028)
  • GetFileType (Address: 0x180055348)
  • GetLastError (Address: 0x180055060)
  • GetLogicalProcessorInformation (Address: 0x180055218)
  • GetModuleFileNameA (Address: 0x180055320)
  • GetModuleFileNameW (Address: 0x180055270)
  • GetModuleHandleA (Address: 0x180055278)
  • GetModuleHandleExW (Address: 0x180055318)
  • GetModuleHandleW (Address: 0x180055140)
  • GetNumaHighestNodeNumber (Address: 0x180055238)
  • GetOEMCP (Address: 0x180055370)
  • GetProcAddress (Address: 0x180055048)
  • GetProcessAffinityMask (Address: 0x180055240)
  • GetProcessHeap (Address: 0x180055338)
  • GetStartupInfoW (Address: 0x1800551e8)
  • GetStdHandle (Address: 0x180055340)
  • GetStringTypeW (Address: 0x180055168)
  • GetSystemTimeAsFileTime (Address: 0x180055130)
  • GetThreadPriority (Address: 0x180055210)
  • GetThreadTimes (Address: 0x180055088)
  • GetTickCount (Address: 0x180055138)
  • GetVersionExW (Address: 0x180055288)
  • HeapAlloc (Address: 0x1800552f8)
  • HeapFree (Address: 0x180055300)
  • HeapReAlloc (Address: 0x180055308)
  • HeapSize (Address: 0x180055328)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800550f8)
  • InitializeSListHead (Address: 0x180055178)
  • InterlockedFlushSList (Address: 0x1800552c0)
  • InterlockedPopEntrySList (Address: 0x1800552b0)
  • InterlockedPushEntrySList (Address: 0x1800552b8)
  • IsDebuggerPresent (Address: 0x1800551e0)
  • IsProcessorFeaturePresent (Address: 0x1800551d0)
  • IsValidCodePage (Address: 0x180055368)
  • LCMapStringW (Address: 0x180055160)
  • LeaveCriticalSection (Address: 0x1800550d0)
  • LoadLibraryExW (Address: 0x180055280)
  • LoadLibraryW (Address: 0x180055050)
  • MultiByteToWideChar (Address: 0x180055148)
  • QueryDepthSList (Address: 0x1800552c8)
  • QueryPerformanceCounter (Address: 0x180055070)
  • QueryPerformanceFrequency (Address: 0x180055078)
  • RaiseException (Address: 0x1800552f0)
  • ReadFile (Address: 0x180055008)
  • RegisterWaitForSingleObject (Address: 0x180055250)
  • ReleaseSemaphore (Address: 0x1800552a8)
  • ResetEvent (Address: 0x180055188)
  • RtlCaptureContext (Address: 0x180055198)
  • RtlLookupFunctionEntry (Address: 0x1800551a0)
  • RtlPcToFileHeader (Address: 0x1800552e8)
  • RtlUnwindEx (Address: 0x1800552e0)
  • RtlVirtualUnwind (Address: 0x1800551a8)
  • SetEvent (Address: 0x180055180)
  • SetFilePointer (Address: 0x180055030)
  • SetFilePointerEx (Address: 0x180055098)
  • SetLastError (Address: 0x180055068)
  • SetStdHandle (Address: 0x1800550a0)
  • SetThreadAffinityMask (Address: 0x180055248)
  • SetThreadPriority (Address: 0x180055208)
  • SetUnhandledExceptionFilter (Address: 0x1800551b8)
  • SignalObjectAndWait (Address: 0x1800551f0)
  • Sleep (Address: 0x180055108)
  • SwitchToThread (Address: 0x1800551f8)
  • TerminateProcess (Address: 0x1800551c8)
  • TlsAlloc (Address: 0x180055110)
  • TlsFree (Address: 0x180055128)
  • TlsGetValue (Address: 0x180055118)
  • TlsSetValue (Address: 0x180055120)
  • TryEnterCriticalSection (Address: 0x1800550d8)
  • UnhandledExceptionFilter (Address: 0x1800551b0)
  • UnregisterWait (Address: 0x180055258)
  • UnregisterWaitEx (Address: 0x1800552d0)
  • VirtualAlloc (Address: 0x180055290)
  • VirtualFree (Address: 0x180055298)
  • VirtualProtect (Address: 0x180055058)
  • WaitForSingleObjectEx (Address: 0x180055190)
  • WideCharToMultiByte (Address: 0x1800550f0)
  • WriteConsoleW (Address: 0x180055090)
  • WriteFile (Address: 0x180055038)
SHELL32.dll
  • SHGetSpecialFolderPathW (Address: 0x180055398)
urlmon.dll
  • URLDownloadToFileW (Address: 0x1800553a8)